Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Element Pack Addons for Elementor plugin allows unauthorized file access
CVE-2026-1793
Summary
The Element Pack Addons for Elementor plugin for WordPress has a security flaw that allows attackers with contributor-level access to read sensitive information from your server. This is a serious issue, as it can reveal confidential data. We recommend updating the plugin to the latest version to fix this issue.
Original title
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file valida...
Original description
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
nvd CVSS3.1
6.5
Vulnerability type
CWE-22
Path Traversal
Published: 15 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026